Vulnerabilities > CVE-2008-7311 - Credentials Management vulnerability in Spreecommerce Spree 0.2.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

spreecommerce

CWE-255

NVD

Published: 2012-04-05

Updated: 2024-11-21

Summary

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

Vulnerable Configurations

Part	Description	Count
Application	Spreecommerce Spreecommerce Spree 0.2.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
http://support.spreehq.org/issues/show/63
http://support.spreehq.org/issues/show/63